Process Protection

Discussion in 'other anti-malware software' started by n8chavez, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Is there a simple/lightweight application that I can out in place that will prevent process termination and/or manipulation? I'm not looking for a full-pledged HIPS, just something that is intended for soley the above function. I'm looking for something to suplement LnS and prevent SBIE termination.

    My instinct says that there is no such app but I guess it can't hurt to ask.
     
  2. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello :D , n8chavez ,

    YES : StartupMonitor of Mike Lin : http://www.mlin.net/ .
    Trustworhy & trusty ... FREE ...

    Look to thread : " StartupMonitor - a ANOREXIC software ( 84 KB ) a challenge for its giant brothers !?? " -August 13th, 2008 - on this Forum.

    Look for my signature ...

    Thanks , PROROOTECT:cool:
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    This application will not prevent other application from being terminated and/or manipulated. It simply alerts the user when startup entries are modified. As I mentioned in the thread you mentioned, it doesn't even do a very good job at that. StartupMonitor does not monitor service startups. Thanks for the suggestion but this is not what I'm looking for,
     
  4. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    If you don't want the full hips features I would recommend you Processguard http://www.diamondcs.com.au/processguard/download.php

    The free version will meet your need. You can even disable "execution protection" (so you won't get pop-ups when opening your programs) and just use the termination/modification protection by adding the programs you want to protect to the "Protection List"
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    StartupMonitor cannot even protect itself from termination. Nor can it protect any other process. It is nonsense to say otherwise. :cautious:

    The HIPS that can do the job that OP is seeking include but are not necessarily limited to: Comodo FWP (Defense+), System Safety Monitor, Online Armor, & EQSecurity.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    IMHO a critical missing element which would be nice to see formulated as a standalone to restart any apps in an instant like SSM employs.

    We may never see this realized but it's a very desired request that seems to continue to attract the interest of many users. Sure would prove useful, without a doubt.
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    OA does it also
     

    Attached Files:

    • 5.gif
      5.gif
      File size:
      17.5 KB
      Views:
      460
  8. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    Application Monitor doesn't prevent termination - but if an app. "has stopped working it will start it again."

    Standalone, 176 Kb.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Removed some off topic posts.

    Pete
     
  10. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Have you considered AppDefend?
     
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    This Processguard software from diamonds isn't very good, I don't think that is has been updated in a long while. Reason why I say this is because I have tested it with Advanced Process Termination v4.2 which is also made by Diamonds and it failed the test.

    This is why I use EQsecure. EQsecure has excelent protection from process termination. Advanced Process Termination v4.2 was unable to terminate anything with Eqsecure installed.

    I am still yet to test how good Comodo is at process termination protection, haven't got around to it yet.
     
  12. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    There is a new version of ProcessGuard (3.500). And it will pass every termination methods used by Advanced Process Termination v4.2 , but you have to enable "Secure Message Handling" (available only in Paid version) to pass killing methods "WM_Close", "WM_QUIT" and "WM_SYSCOMMAND". I don't use PG on my main machine but think it's one the simpliest HIPS available though I prefer something like SSM, EQSecure or ProSecurity :)
     
    Last edited: Aug 15, 2008
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I appreciate all the suggestion. Thank you all. I tend to shy away from "suites", or anything that I believe tries to accomplish too much. I would put Online Armor in that category. In fact, I gave away a license that I won for it because of that reason. Instead, I prefer applications that have a specific task in mind, ie. SBIE, LnS, Proxomitron, etc. I do make an exception for Jetico, which offers light HIPS features.

    Thank you for the suggestion. I have used ProcessGuard in the past, in fact it was my first "HIPS", but I think that it is no longer as effective as it used to be. In short, I wouldn't trust it any longer.

    The problem with that, and the same is true of TaskCatcher, is that applications that use this approach (instead of prevention) cannot restart themselves should they get terminated. Then, if that happens, there is no point to using it as it then becomes the weakest link in the chain, so to speak.

    I have been thinking lately if indeed process termination protection is required with my configuration, SBIE and LnS, because they both are run via service. If the .exe gets terminated does the application still continue to function?
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    This type of a standalone is vital IMO and should be developed by some freelance or other programmer to reininitate any closed app even if it was with Task Manager or the testing app APT (all methods IMO).

    In my opinion, any programmer who can pull this off will make a name for theirself. You can bet SSM could spin something of this nature off from their SSM HIPS but is not likely since they;ve incorporated that fantastic feature within SSM itself.

    But it would be a mark of EXCITING & good craftsmanship if any developers were able to pull it off as a portable standalone. It's sorely needed in my opinion.

    EASTER
     
Loading...
Thread Status:
Not open for further replies.